Daily Tech Digest - May 09, 2017

Leadership is not an immutable set of universal traits. The British have an expression, “Horses for courses,” by which they mean that just as some horses are best on wet tracks, or long tracks or short tracks, so are some people better suited to certain activities than other people. This applies in IT leadership. Horses for courses; environment matters. To be successful, IT leaders need to identify and apply a subset of leadership traits relevant to the environment in which they find themselves. This means that when the environment changes, leaders have to change — not who they are, but how they lead. ... Nathan Rothschild was convinced opportunities were greatest when cannonballs were falling in the harbor, “when there’s blood in the streets, even if the blood is your own.”

Led primarily by traditional CIOs, many companies have created centralized data management, big data and information governance strategies and capabilities. To lead these functions, insurance companies have sought talent from adjacent industries that have led the way in data analytics. This typically includes retail, financial services, information services and data companies. In some instances, insurance companies have looked to executives coming out of healthcare organizations in order to leapfrog their own data capabilities. Though the insurance industry has made significant strides in terms of data capabilities, it continues to grapple with the challenges of organizational access, and structuring to maximize the impact of analytics.

Unfortunately, technical security protections are often easily undermined by social engineering and human error. In fact, according to CompTIA’s 2016 International Trends in Cybersecurity report, 58 percent of security breaches are caused by human error, versus 42 percent caused by technology error. For example, look at Sony Pictures’ catastrophic data breach, where the company lost employee personal information, emails, and even copies of unreleased films. When the dust finally settled around this attack, evidence suggested that the intruders began with credentials harvested from spear-phishing campaigns that deceived employees. Sometimes attackers don’t even need to trick employees into giving up their credentials; they can just guess an over-simplified password. According to Verizon, 63 percent of all intrusions involve stolen, weak, default or easily guessed credentials.

Threats to IoT can be divided into two categories. First, devices are taken over to do something they are not intended to do, like a security camera that becomes part of a botnet attack. But also devices can be commandeered to do exactly what they are intended to do but in a devious way. Think of directing a self-driving car to drive off a bridge. Consider the cyber attack on Iran’s nuclear enrichment centrifuges to make them rapidly speed up and then suddenly slow down (imagine pushing down hard on the accelerator, and then the brake in your car), which eventually seriously damaged them. That flummoxed operators who had never planned a response to prevent something like that because why would you do that in the first place? Therein lies the danger of IoT security flaws: Hackers may come up with ways to use devices that were never conceived of before.

A vulnerability that lets someone boot up your PC and install software at will, and even bypass logging in, sounds about as bad as it can get. Still, it's not clear just how easy this is to exploit. Security reporter Dan Goodin of Ars Technica reported last week that some researchers believe the exploit would have to be present and the machine would have to be set up or provisioned for remote management for it to be open to the attack. Goodin, however, followed up with a report on Saturday that researchers had bypassed the AMT without even entering a password. In the end, the first step in fixing a problem is recognizing that you have one. If you think you might have the exploit on your machine, run the check.

The Linux Foundation announced a new software project under its Hyperledger open consortium aimed at creating a collaboration tool for building blockchain business networks -- or smart contracts -- and their deployment across a distributed ledger. The new project, called Hyperledger Composer, is a modeling language based on JavaScript, with REST API support, that allows non-developers and developers to model their business network. The language also supports modeling of relationships and data validation rules. For example, all blockchain business networks share certain elements, such as assets, participants, identities, transactions, and registries. With existing blockchain or distributed ledger technologies, it can be difficult for organizations to take a blockchain business use case and map the concepts into running code.

A landmark study in the mid-1990s found that only 55% of a company’s results stemmed from issues that managers could control. That means fully 45% of the results related to effects in the environment -- a recession, a surprise by a competitor, a natural disaster, and so on. Managers tend to throw up their hands about external surprises. “Who could have known?” “What could we have done?” But that 45% can, in fact, be managed. The secret is to sense the external events quickly and to react faster and more nimbly. Remember: you don’t have to get everything right; you just have to be a little more right than your competitors. To begin managing those areas traditionally considered unmanageable, senior executives should focus on developing four organizational capabilities.

It’s no surprise that there’s a strong correlation between effective leadership and the characteristics common among resilient individuals—which include self-reliance, an internal locus of control, a growth mind-set, strong problem-solving abilities, and good interpersonal skills. Indeed, resilience experts at Sloan Group International reported in a recent presentation that, based on the available research, “people who self-select into a leadership role tend to have a higher ability to deal with stress and hold a high amount of resilience.” Vindication for the Shackleton model, right? Sure, but that model may deliver fewer returns as the workplace evolves. The more distributed leadership becomes, and the more collaboratively teams are asked to work, the fewer chances there are for Shackletons to come along and save the day when things go awry.

One challenge for companies will be to find people who have experience in both robotics and security. “There will be a few folks, but it will be a hot market because not many students study both robotics and security,” Gennert said. “Those that do both will be able to write their own ticket.” Until companies can effectively combine robotics with security, robots may be an easy entryway for a hacker into a company's networks. Nunnikhoven said there’s no direct evidence that hackers have taken advantage of these exploits. There aren’t proper monitoring systems in place to know if the systems have been exploited, he said. Malicious hackers could get into a robot's controller system and make adjustments to its actions, which could create a dangerous situation in the factory or could enable the robots to build unsafe products on the production line.

In the cloud, we don’t know exactly where our application is running. Hardware is prone to failure. Software updates and patches are also prone to error. It’s better to architect and design your application to handle failures rather than trying to make it robust, which is never possible. Eliminate single points of failure (SPOF) and build resiliency at every level. An application should function even when the underlying hardware has failed. AWS Availability Zones (AZ) and Regions, and similarly Azure Locally Redundant Storage (LRS), Zone-redundant Storage (ZRS), Geo-redundant Storage (GRS), and Read-access geo-redundant storage (RA-GRS), all make it easier to design redundant capabilities. Building resilient cloud infrastructure is straightforward and far less expensive than traditional means.